Posts in 2022
Falco 0.32.0
Friday, June 03, 2022 By Federico Di Pierro
Today we announce the release of Falco 0.32.0 🦅! Novelties 🆕 Let's review some of the highlights of the new release. This is one of the biggest releases ever, with around 200 commits on Falco and 230 on libs. The Falco community once again proved to …
Falcosidekick 2.25.0 and Falcosidekick 2.0.0
Wednesday, June 01, 2022 By Thomas Labarussias
A few days ago was the KubeCon EU in Valencia, Spain. The moment to meet contributors who made what Falcosidekick is now was a really enjoyable time and I hope we'll do it again in the future. One week before, two new major versions of Falcosidekick …
Getting started developing Falco
Monday, April 18, 2022 By Lorenzo Susini
Hello, Falcoers! Interested in Falco and want to contribute your ideas? Feeling stuck because you don't know where to start? No worries, we are here to help! Whether you want Falco to monitor a new system call, add a brand new feature, or solve a …
Analyze Okta Log Events with a Falco Plugin
Friday, March 25, 2022 By Thomas Labarussias
In March 2022, the cybercriminal group LAPSUS$ claimed to have breached Okta, the Identity Platform, only two months earlier, leaving their customers with the uncertainty of having been exposed as well. After a thorough investigation undertaken by …
Falco 0.31.1
Friday, March 11, 2022 By Luca Guerra
Today we announce the release of Falco 0.31.1 🦅! Novelties 🆕 Let's review some of the highlights of the new release. New features This release allows you to use multiple --cri command-line options (#1893) to specify multiple CRI socket paths. Note …
Extend Falco inputs by creating a Plugin: Register the plugin
Wednesday, March 02, 2022 By Thomas Labarussias
This post is is part of a series of articles about How to develop Falco plugins. It's addressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a Plugin: the …
Extend Falco inputs by creating a Plugin: the basics
Tuesday, February 15, 2022 By Thomas Labarussias
This post is is part of a series of articles about How to develop Falco plugins. It's adressed to anybody who would like to understand how plugins are written and want to contribute. See other articles: Extend Falco inputs by creating a Plugin: …
Announcing Plugins and Cloud Security with Falco
Wednesday, February 09, 2022 By Loris Degioanni
The just released Falco v0.31.0 is the result of several months of hard work and includes many exciting new features. One of them, however, is particularly strategic for Falco as a project: the general availability of the plugins framework. I would …
Falco 0.31.0 a.k.a. "the Gyrfalcon"
Monday, January 31, 2022 By Jason Dellaluce, Leonardo Grasso
Today we announce the release of Falco 0.31.0, a.k.a the Gyrfalcon 🦅! Gyrfalcons are the largest of the falcon species, just like this version of Falco has the biggest changelog ever released. To give you some metrics, since the last release, the …
Monitoring new syscalls with Falco
Monday, January 17, 2022 By Jason Dellaluce, Federico Di Pierro
Falco is currently the de facto standard for runtime threat detection in Kubernetes environments. The project is growing at a very fast pace, and so is its open source community. The role of Falco is to collect all the system events of a cluster and …